Equifax has confessed that the real reason it has not contacted the 14 million UK customers who had their name and date of birth information compromised in its mass data breach is that its systems cannot find out where they live.
The confession is included in a letter to Nicky Morgan, chair of the Treasury Committee, from Equifax European president Patricio Remon in response to her demands for an explanation about the fiasco.
The 11-page missive starts with Remon claiming: “I want to assure you that from the moment we learned about the incident, our team worked around the clock to identify the impacted UK consumers and to develop a plan to inform and protect them in the most appropriate way.”
Remon insisted Equifax started contacting those most seriously at risk – via letter – on October 13 in a four-phase approach “so that we can promptly and effectively answer phone calls from impacted consumers”. The firm expects to complete the notification process by November 24.
The response to Morgan’s question: “Why has Equifax chosen not to contact, or offer any support, to individuals who have had name and date of birth compromised?”, however, is more telling.
Remon writes: “Our own data scientists have had difficulty in matching the records impacted by this cyber-attack with known and validated UK consumers’ home addresses, Equifax Ltd concluded that the risk of writing letters of such sensitivity to home addresses which, in many cases, may be invalid would be an inappropriate course of action and would lead to unnecessary distress and risk for many individuals.
“The risk for consumers would increase if mail tampering were able to link home addresses to otherwise unusable data. Throughout our discussions, the ICO advised that it would be unwise for Equifax Ltd to write to individuals unless we had sufficient certainty that the correct person at a valid home address was being contacted.”
The Financial Conduct Authority and the Information Commissioner’s Office have both launched investigations into the breach, which compromised the personal information of some 15.2 million Britons; 700,000 of whom could face financial fraud.
Related stories
FCA launches investigation into Equifax breach farce
The farce continues: Equifax now says 694,000 Brits hit
Equifax chief ‘misled Congress over mass data breach’
Equifax: Oops we’ve found another 2.5m stolen records
Equifax CEO is ‘retired’ as company reels from breach
Equifax blunders on after sending users to fake website
Equifax admits that 400,000 Brits hit by US breach
Flaw on Equifax system was exposed over 6 months ago
44m Brits could be affected by Equifax US data breach
Equifax rocked as mega hack exposes 143m consumers